Cyber Risk Management: Legal Privilege Strategy – Part 2 of 2

An organization’s cyber risk management activities may result in sensitive communications and documents that the organization’s personnel expect will remain confidential. Nevertheless, in many circumstances an organization may be legally obligated to disclose those communications and documents unless the organization is able to assert a legal right – called “legal privilege” – to not make the disclosure.

My partner Brad Freedman has prepared a very useful two-part bulletin which discusses legal privilege and cyber risk management. The first part of this bulletin which I made available on my blog last week discusses cyber risk reporting and disclosure obligations and the basic rules for legal privilege, and can be accessed here.

The second part of this bulletin provides practical recommendations for a legal privilege strategy for cyber risk management activities. This Part 2 of the Cyber Risk Management – Legal Privilege Strategy bulletin can be accessed here.


This content has been updated on July 29, 2016 at 10 h 13 min.